REMARKS 



Rejection of claims 1-12 under 35 U.S.C. §102(b) 

The Examiner rejected claims 1-12 under 35 U.S.C. §102(b) as being anticipated 
by "Understanding LDAP" by the International Technical Support Organization. 
Applicant traverses the Examiner's finding of anticipation. 

The Examiner's Response to Arguments in the Final Rejection 

The Examiner's understanding and statements about the nature of a directory 
appear to be correct. Specifically, that something "in" a directory means that it is 
accessible from the directory, but the end item is not actually stored in the directory. The 
common language used by those in the computer art, that some thing is "in" a directory is 
used with this understanding. Those in the art understand that something "in" a directory 
means that the link to the item is stored in the directory, not the item itself. This ordinary 
meaning is used herein, and no change in the common usage of the phrase "in a directory" 
is intended. 

Despite the prior paragraph, the Examiner seems to suggest broadly that 
something is "in" a directory if they are logically associated in such a way as to be 
accessible from it. In the normal case, this is true. But the normal use of these terms 
does not extend to multiple levels of association. The protected resources are not "stored 
in" the directory even though the applications may be able to access them through the 
proxy entries that are stored "in" the directory. The proxy entries are "in" the directory, 
meaning that they are associated with the directory in the normal usage of the term. 
However, the protected resources are not located "in" the directory within the normal 
usage of the term, even though the protected resources can ultimately be logically 
associated with the proxy entries through the mapping between protected resources and 
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proxy entries located in the applications. Applicant believes it would be an inappropriate 
extension of the normal use of these terms to extend the association of what is in a 
directory to multiple levels. 

In the Final rejection mailed 3/22/2005, the Examiner affirmed the previous 
rejections supported by additional arguments. In these arguments, the Examiner makes 
the following statement: 

These limitations, "a directory that has a plurality of entries", and "a logical 
mapping that correlates each protected resource with a corresponding proxy entry' 
by definition means that these protected resources which applicant claims are 
indeed "stored" within the directory. They are logically associated in such a way 
as to be accessible from the directory. 

Applicant believes this statement illustrates a fundamental misunderstanding and/or mis- 
characterization of the cited art and the applicant's claimed invention. If the above 
statement were true, then the bulk of the Examiner's arguments would logically follow. 
However, there is an important flaw in the logic of the above statement. 

The examiner's statement quoted above describes two claim elements, and 
indicates these two elements are stored in the directory. However, a proper interpretation 
of the language of the claim indicates the two limitations are not both located in the 
directory, so the conclusion of the examiner's statement is not correct. The first element 
in the above statement is "a directory that has a plurality of entries," which by its own 
definition refers to entries that are stored in the directory. 

A careful reading of claim 1 shows the second claim limitation in the above 
quoted statement "a logical mapping" is located within the application. The "logical 
mapping" is not "in" the directory. Therefore, the logical mapping that correlates the 
protected resource with the proxy entry is not stored in the directory as these terms are 
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used in their normal sense. And further, the plain meaning would also give the 
conclusion that the protected resources are not stored in the directory. 

The language of claim 1 indicates that the proxy entries are in the directory, the 
protected resources are outside the directory, and the mapping of protected resources and 
the proxy entries are in the application. The application can determine whether the 
application is authorized to access a protected resource outside the directory by using the 
authentication function to determine if a corresponding proxy entry may be accessed. The 
corresponding proxy entry is determined from the mapping located in the application. 
The mapping is not part of the directory. 

Applicant believes the cited art does not teach or discuss the invention as claimed 
and respectfully requests the Examiner to reconsider the rejection of claims 1-12. The 
cited art does not teach or suggest to use a proxy entry in the directory for the application 
to determine if it has authorization to access a protected resource that is not stored in the 
directory. While, the arguments above were specifically directed to claim 1, they apply 
similarly to the other independent claims. Further, the arguments below give specific 
responses for the Examiner's rejection of each of the claims. 

. Claim 1 

For the claim limitation "a plurality of protected resources that are not stored 
within the directory," the Examiner cites page 6, paragraph 5-6. This section of the cited 
art describes a distributed directory, a directory where different parts of the directory are 
stored in different locations. The Examiner then suggests that "resources may not be 
stored within the directory because the directory itself can be decentralized or 
distributed." This statement lacks normal logic. The Examiner seems to suggest that 
since the directory is decentralized, then resources in the remote directory portions are not 
in the directory. But even something that is decentralized has identifiable bounds and 
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limits. And the bounds and limits of the distributed directory in Understanding LDAP 
includes all distributed portions of the directory. The cited document is the user's manual 
for the Lightweight Directory Access Protocol (LDAP). This manual deals with 
accessing resources that are within the directory, even if the directory is distributed. The 
cited document does not teach or even suggest protected resources outside the directory. 
Since the cited art does not teach or suggest using the directory authorization for 
protecting resources outside the directory, claim 1 is allowable over the cited art. 

For the claim limitation: 

"an application residing in the memory and executed by the at least one processor, 
the application including a logical mapping that correlates each protected resource 
with a corresponding proxy entry, the application determining whether the 
application is authorized to access a selected protected resource by invoking the 
authentication and authorization functions in the directory service server to 
determine whether the proxy entry corresponding to the selected resource may be 
accessed, and if so, the application accesses the selected protected resource," 

the Examiner cites page 8, paragraph 1 of Understanding LDAP. This section of the cited 
art describes authorization based on access control lists (ACLs). This portion of the cited 
art does not teach the above claim limitation. Further, the Examiner has not mapped the 
teachings of the cited art on the many listed limitations of the claim. The elements not 
identified by the Examiner include the application in memory, the logical mapping that 
correlates to a protected resource, the proxy entry, and determining whether the 
application is authorized to access a selected protected resource by invoking the 
authentication and authorization functions in the directory service server to determine 
whether the proxy entry corresponding to the selected resource may be accessed, etc. As 
a result, the Examiner has failed to establish a prima facie case of anticipation for claim 1 
under 35 U.S.C. § 102(b). The cited art does not teach the above limitations. For the 
reasons given above, claim 1 is allowable over the cited art, and applicants respectfully 
request reconsideration of the Examiner's rejection of claim 1 under 35 U.S.C. § 102(b). 
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Claims 2-3 



Claims 2-3 depend on claim 1, which is allowable for the reasons given above. 
As a result, these claims are allowable as depending on an allowable independent claim. 

Claim 4 

For the claim limitation "identifying a proxy entry that corresponds to the external 
protected resource," the Examiner cites page 18, Figure 5 of Understanding LDAP. This 
portion of the cited art shows results from searching an Internet directory. The Examiner 
seems to be relying here on the same logic discussed above with reference to claim 1, i.e., 
that since the directory is decentralized, then resources in the remote directory portions 
are not in the directory. As discussed above, items in remote portions of a decentralized 
directory are still within the directory. The cited portion of the reference does not even 
deal with an external protected resource as recited in claim 4. The cited document is the 
user's manual for the Lightweight Directory Access Protocol. This manual deals with 
resources that are within the directory. The cited document does not teach or even 
suggest making a proxy in the directory for outside resources. Because the cited art does 
not teach or suggest using the directory authorization for protecting resources outside the 
directory, claim 4 is in condition for allowance over the cited art, and applicants 
respectfully request reconsideration of the Examiner's rejection of claim 4 under 35 
U.S.C. § 102(b). 

Claim 5 

Claim 5 depends on claim 4, which is allowable for the reasons given above. As a 
result, claim 5 is allowable as depending on an allowable independent claim. 
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Claim 6 



For the claim limitation "creating a proxy entry in the directory service for each 
protected resource," the Examiner cites page 18, Figure 5 of Understanding LDAP. This 
portion of the cited art shows results from searching an Internet directory. The portion of 
the cited art does not teach or suggest creating a proxy entry in the directory service for a 
protected resource outside of the directory. Therefore, claim 6 is allowable over the cited 
art, and applicants respectfully request reconsideration of the Examiner's rejection of 
claim 6 under 35 U.S.C. § 102(b). 

Claim 7 

Claim 7 depends on claim 6, which is allowable for the reasons given above. As a 
result, claim 7 is allowable as depending on an allowable independent claim. 

Claim 8 

For the claim limitation: 

"a software application that uses a logical mapping that correlates a plurality of 
protected resources that are not stored or contained within the directory with 
corresponding proxy entries in a directory service that is managed by a directory 
service server, the application determining whether the application is authorized 
to access a selected protected resource by invoking authentication and 
authorization functions in the directory service server to determine whether the 
proxy entry corresponding to the selected resource may be accessed, and if so, the 
application accesses the selected protected resource," 

the Examiner cites page 7, section 1.1.4 Directory Security, paragraph 3, and page 8, 1 st 
paragraph. This portion of the cited art describes directory security in general. The 
portion of the cited art does not teach or suggest a software application that uses a logical 
mapping that correlates a plurality of protected resources that are not stored or contained 
within the directory. This portion of the cited art does not teach the above claim 
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limitations. Further, the Examiner has not mapped the cited art on each and every 
limitation in the claim. As a result, the Examiner has failed to establish a prima facie 
case of anticipation for claim 8 under 35 U.S.C. § 102(b). Because the cited art does not 
teach the above limitations, claim 8 is in condition for allowance over the cited art, and 
applicants respectfully request reconsideration of the Examiner's rejection of claim 8 
under 35 U.S.C. § 102(b). 

Claims 9-12 

Claims 9-12 depend on claim 8, which is allowable for the reasons given above. 
As a result, claims 9-12 are allowable as depending on an allowable independent claim. 
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Conclusion 

In summary, none of the cited prior art, either alone or in combination, teach, 
support, or suggest the unique combination of features in applicants' claims presently on 
file. Therefore, applicants respectfully assert that all of applicants' claims are allowable. 
Such allowance at an early date is respectfully requested. The Examiner is invited to 
telephone the undersigned if this would in any way advance the prosecution of this case. 
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